author | root <root@mail.bitbase.dk> | 2008-09-22 13:11:37 +0200 |
---|---|---|
committer | root <root@mail.bitbase.dk> | 2008-09-22 13:11:37 +0200 |
commit | 3217c76b41bb987352d740c48d860173450c6b0f (patch) | |
tree | 68e3f78a5024e43dadfe97be11d564a2d3e47602 /ldap/db/10_base.conf.in | |
parent | 097e567be7a319314e11a5d563e5581bb12c093a (diff) | |
parent | 31ce6fc73565aa800f9612cb2c4223e71c7094c7 (diff) |
Merge branch 'master' of git://source.jones.dk/local-COMMON
Diffstat (limited to 'ldap/db/10_base.conf.in')
-rw-r--r-- | ldap/db/10_base.conf.in | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/ldap/db/10_base.conf.in b/ldap/db/10_base.conf.in
new file mode 100644
index 0000000..0781b3d
--- /dev/null
+++ b/ldap/db/10_base.conf.in
@@ -0,0 +1,22 @@
+# Ensure read access to the base for things like
+# supportedSASLMechanisms. Without this you may
+# have problems with SASL not knowing what
+# mechanisms are available and the like.
+# Note that this is covered by the 'access to *'
+# ACL below too but if you change that as people
+# are wont to do you'll still need this if you
+# want SASL (and possible other things) to work
+# happily.
+access to dn.base=""
+ by * read
+
+access to dn.subtree="cn=monitor"
+ by * read
+
+# The admin dn has full write access, everyone else
+# needs further checking
+access to dn.subtree="@SUFFIX@"
+ by dn.exact="cn=admin,@SUFFIX@" write
+ by group/groupOfUniqueNames/uniqueMember="cn=DSA,ou=Administrators,ou=Groups,ou=Access Control,@SUFFIX@" write
+ by group/groupOfUniqueNames/uniqueMember="cn=Replicants,ou=Groups,ou=Access Control,@SUFFIX@" write
+ by * break |
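Review bot: The `access to dn.subtree="cn=monitor"` rule ends in `by * read`, so wherever the monitor database is enabled, any client, including an anonymous bind, can read the server's operational data (connections, operation counters, configured backends and overlays). Unlike the root DSE rule above it, nothing in this file explains why that subtree must be public. It would be tighter as `by dn.exact="cn=admin,@SUFFIX@" read` followed by `by * none`, plus the DSA administrators group if they need it. Separately, the closing `by * break` on the `@SUFFIX@` rule leaves everyone else's access to ACL fragments that are not part of this file, presumably the 'access to *' rule the header comment mentions. A comment naming the fragment that supplies the terminating rule would make that dependency explicit, e.g. `# non-admin access is decided by the 'access to *' rule in a later db fragment`.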